# Blocăm accesul direct la includes/
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^includes/ - [F,L]
</IfModule>

# Forțăm HTTPS
<IfModule mod_rewrite.c>
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# Headers securitate
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# Permitem doar POST pe API
<Files "api/*.php">
    <LimitExcept POST>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Files>
